
Re: Not a bug but features



Actually I shoulda been more clear on the per file encryption as I was 
meaning something similar to the bestcrypt style mountable virtual 
partition/drive system, can bdes perform that type of function?

While encryption in and of itself is definitely not the end means in 
securing your data, I'm still not convinced that having the option to 
encrypt your entire hard drive, or partitions is worthless. To me it 
seems like it can be a valuable step in a larger overall security 
process.

Take our company laptops for example, other steps we do take including 
tattooing, bonding and registering STOP tags on the laptops to try and 
dissuade casual theft, along with other methods of computer storage, 
usage and transport policies, secure password policies, normal network 
security policies etc all as small steps in an overall security plan 
to protect our data at least as much as we reasonably can.

As for your points as to why our hard drive encryption usage doesn't 
make sense, well sure you can steal one of our laptops but if you can 
'honestly' break a 128-256 bit blowfish key in 12hrs, I'll not only 
agree with you 100% but I'd be wondering why you're not only working for 
but also running the NSA or some other such agency.

When you consider that we are not a large company and that our only 
real competitor in our very very niche market in the computing field is 
even smaller than we are, then I highly doubt that they have the 
computing power to do what even distributed.net has yet to do (aren't 
they still working on 56 and 64bit keys in various algorithms and it 
still takes them weeks to many months sometimes for a single key?).

Granted our competitor could use Tempest style attacks on us to try and 
retrieve our data but again it comes down to do they even have the 
money, the technical know-how and the time to even implement such an 
attack on us? Other than the NSA along with other secretive govt. 
organisations and high level security consultants who like to 
demonstrate that Tempest style attacks are possible, how often do you 
really think that type of data theft happens in the general business 
world? (Granted if we were developing the holy grail of alternate and 
unlimited power that could totally replace the current fossil fuel and 
electricity cartels then yes I could definitely see someone using that 
against us).

I agree that there is no way to fully and truly secure your data for a 
determined thief or unknown agency, but it's just like a house. You 
don't put a lock on a house to keep thieves out (another impossible 
task), you put a lock on to keep honest people honest.

As far as 
On Friday 25 May 2001 09:31, you wrote:
> At 7:43 AM -0700 5/25/01, john miller wrote:
> >I'd like to see options for both per file and entire disk/volume
> > encryption in OpenBSD.
>
> per file encryption is already installed in OpenBSD. Try bdes for
> example.
>
> >Currently we use full disk encryption on our Win9x, Win2k laptops
> >at work using a product called Pointsec from
> > http://www.pointsec.com.
>
> Okay, this does not make good sense. I steal the notebook, now what?
> I've got your data and 12 hours later it's free and clear.
>
> If your data MUST be kept physically secure then why not buy a secure
> notebook? Like from IBM? They make a notebook that is little known
> that has lots of physical security features. Like a HDD destruction
> if the drive is removed without a special key.
>
> None of this stuff even comes close to truly securing data. There is
> absolutely no way to do it. It simply cannot be done, period. Any
> encryption or security measure you take can be defeated by thieves.